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DETAILED ACTION 



1 . Applicant's arguments and Appeal Brief filed November 9, 2007, have been fully 
considered but they are not persuasive. 

2. Claims 1-20 are pending and have been examined. 



3. The Double Patenting rejection is withdrawn in view of the Terminal Disclaimer 
filed 11/09/2007. 

4. In view of the appeal brief filed on November 9, 2007, PROSECUTION IS 
HEREBY REOPENED . A new ground of rejection is set forth below. 

5. To avoid abandonment of the application, appellant must exercise one of the 
following two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply 
under 37 CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed 
by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and 
appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth 
in 37 CFR 41.20 have been increased since they were previously paid, then appellant 
must pay the difference between the increased fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by 
signing below: 



Response to Amendment 




GILBERT0 BARRON <y(L 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 
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Terminal Disclaimer 

6. The terminal disclaimer filed on 1 1/09/07 disclaiming the terminal portion of any 
patent granted on this application which would extend beyond the expiration date of US 
Patent 7,007,301 has been reviewed and is accepted. The terminal disclaimer has 
been recorded. 

Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

8. Claims 1-17 are rejected under 35 U.S.C. 102(a) as being anticipated by 
Schneieret al. (US Patent Application Publication 2002/0087882, hereinafter 
Schneier). 

Regarding claim 1, Schneier teaches 

an integrated intrusion detection method comprising (par. 37): 

gathering information from a plurality of different types of intrusion 
detection sensors (pars. 35-36, monitors and collects information 
from sensors); 
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processing said information, wherein said processing provides a 
consolidated correlation of said information (pars. 64-65, analysis); 
assigning a response corresponding to said information (pars. 87-88, 
determine response); and 

implementing said response (pars. 87-88, initiates response). 
Regarding claim 8, Schneier teaches 

a computer usable storage medium having computer readable program code 
embodied therein for causing a computer system to implement intrusion detection 
instructions comprising (par. 37): 

a data collection module for receiving information from a plurality of 
different types of intrusion detection sensors, wherein said information 
indicates potential security issues (pars. 35-36, monitors and collects 
information from sensors); 

an integration module for integrating said information in a network 
application management platform (pars. 64-65, analysis); 
a reaction determination module for determining appropriate response to 
indication of said potential security issues (pars. 87-88, determine 
response); and 

a reaction direction module for directing said response (pars. 87-88, 
initiates response). 
Regarding claims 2 and 9, Schneier teaches wherein said information includes 
intrusion detection alerts (pars. 62-64, alerts). 
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Regarding claim 3, Schneier teaches centrally tracking information associated 
with intrusion detection alerts from said plurality of different types of intrusion detection 
sensors (pars. 35-36, monitors and collects information from sensors, pars. 63- 
64). 

Regarding claim 4, Schneier teaches wherein said tracking information 
associated with intrusion detection includes assigning severity assignments 
standardized across said plurality of different types of intrusion detection sensors (pars. 
21 and 42, prioritize, par. 105, modify priority of problem). 

Regarding claim 5, Schneier teaches wherein said intrusion detection alerts are 
correlated based upon various alert attributes (pars. 88-94, alerts and links to 
possible responses). 

Regarding claim 6, Schneier teaches wherein said response conforms to an 
enterprise wide strategy (par. 60, rules). 

Regarding claim 7, Schneier teaches managing said intrusion detection sensors 
(par. 37, adaptive sensors, receive updates dynamically). 

Regarding claim 10, Schneier teaches wherein said integration module selects 
appropriate hooks in an intrusion detection system (pars. 41-42, connecting through 
pipes). 

Regarding claim 11, Schneier teaches wherein said data collection module logs 
alerts from said plurality of different types of intrusion detection sensors (pars. 35-36, 
monitors and collects information from sensors, pars. 63-64). 
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Regarding claim 12, Schneier teaches wherein said alerts are provided by a 
simple network management protocol (SNMP), a system log and an application 
program interface (par. 36, SNMP sensors, syslogs, SNMP traps). 

Regarding claim 13, Schneier teaches wherein said integration module includes 
analyzing a plurality of manners in which an alert can be provided and selecting the 
manner that is the most secure with the least dependencies in a communication path 
(pars. 63, selecting alert method). 

Regarding claim 14, Schneier teaches wherein said integration module utilizes 
a network application management platform to log information (pars. 58-60, 
SOCRATES). 

Regarding claim 15, Schneier teaches wherein: an open view operation simple 
network management protocol trap is utilized to handle simple network management 
protocol trap based alerts; an open view operation log file encapsulator handles system 
log based alerts; and an open view message interceptor handles application program 
interface propagated alerts with the help of an operation message mechanism (par. 36, 
SNMP sensors, syslogs, SNMP traps). 

Regarding claim 16, Schneier teaches wherein a secure open view template 
configuration is utilized to log information and the one message group is configured for 
handling intrusion detection system alerts and another message group is configured for 
handling intrusion detection system errors (pars. 106-108, diverse groups and 
individuals are configured to receive alerts). 
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9. Claims 17-20 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Desai et al. (US Patent Application Publication 2003/0188189, hereinafter Desai). 

Regarding claim 17, Desai teaches an intrusion detection central system 
comprising (paragraphs 34-39): 

a bus for communicating information (paragraphs 44-49); 
a processor coupled to said bus, said processor for processing said 
information including instructions for coordinating security information 
from a plurality of different intrusion detection sensors (paragraphs 46- 
54); and 

a memory coupled to said bus, said memory for storing said information, 
including instructions for coordinating security information from a plurality 
of different intrusion detection sensors (paragraphs 63-76). 
Regarding claim 18, Desai teaches wherein said instructions include security 
management instructions implemented on a network application management platform 
(paragraphs 64-79). 

Regarding claim 19, Desai teaches a central console for interfacing with said 
network application management platform (paragraphs 95-101). 

Regarding claim 20, Desai teaches wherein said instructions include incident 
reaction instructions (paragraphs 66-78). 



Conclusion 
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10. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Hackenberger et al. (US Patent Application Publication 
2002/0184532) teaches multiple security modules providing alerts, Fischman et al (US 
Patent Application Publication 2003/0097588) teaches correlating security information 
from diverse sources for intrusion detection, Bruton, III et al. (US Patent Application 
Publication 2003/0145225) teaches a centralized intrusion detection system, Scheidell 
(US Patent Application Publication 2004/0098623) teaches an IDS gathering 
information from a plurality of different types of intrusion detection sensors; processing 
said information, wherein said processing provides a consolidated correlation of said 
information; assigning a response corresponding to said information; and implementing 
said response. 

1 1 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David Garcia Cervetti whose telephone number is 
(571)272-5861. The examiner can normally be reached on Monday-Tuesday and 
Thursday-Friday. 

1 2. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571)272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

1 3. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
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Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




/David Garcia Cervetti/ 




GILBERTO BARRON 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



